Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2022-30632

Uncontrolled Recursion

Published: Aug 10, 2022 | Modified: Nov 07, 2023
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2022-30632
CWEhttps://cwe.mitre.org/data/definitions/674.html

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.

Weakness

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

Affected Software

Name Vendor Start Version End Version
Go Golang * 1.17.12 (excluding)
Go Golang 1.18.0 (including) 1.18.4 (excluding)
Application Interconnect 1 for RHEL 8 RedHat skupper-cli-0:1.0.2-2.el8 *
Multicluster Engine for Kubernetes RedHat multicluster-engine-agent-service-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-apiserver-network-proxy-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-assisted-image-service-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-assisted-installer-agent-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-assisted-installer-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-assisted-installer-reporter-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-aws-encryption-provider-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-cluster-api-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-cluster-api-provider-agent-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-cluster-api-provider-aws-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-cluster-api-provider-azure-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-cluster-api-provider-kubevirt-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-clusterclaims-controller-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-cluster-curator-controller-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-clusterlifecycle-state-metrics-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-cluster-proxy-addon-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-cluster-proxy-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-console-mce-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-discovery-operator-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-hive-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-hypershift-addon-operator-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-hypershift-deployment-controller-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-hypershift-operator-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-klusterlet-operator-bundle-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-managedcluster-import-controller-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-managed-serviceaccount-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-multicloud-manager-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-must-gather-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-operator-bundle-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-operator-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-placement-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-provider-credential-controller-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-registration-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-registration-operator-container *
Multicluster Engine for Kubernetes RedHat multicluster-engine-work-container *
Node Maintenance Operator 4.11 for RHEL 8 RedHat workload-availability/node-maintenance-rhel8-operator:v4.11.1-1 *
OADP-1.1-RHEL-8 RedHat oadp/oadp-velero-rhel8:1.1.1-20 *
OpenShift Custom Metrics Autoscaler 2 RedHat custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8:2.8.2-143 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/client-kn-rhel8:1.3.1-4 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-controller-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.3.2-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.3.2-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.3.2-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.3.2-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-mtping-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-storage-version-migration-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-sugar-controller-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-webhook-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/ingress-rhel8-operator:1.24.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/knative-rhel8-operator:1.24.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/kn-cli-artifacts-rhel8:1.3.1-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/kourier-control-rhel8:1.3.0-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/net-istio-controller-rhel8:1.3.0-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/net-istio-webhook-rhel8:1.3.0-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serverless-operator-bundle:1.24.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serverless-rhel8-operator:1.24.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-activator-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-autoscaler-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-controller-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-domain-mapping-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-domain-mapping-webhook-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-queue-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-storage-version-migration-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-webhook-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/svls-must-gather-rhel8:1.24.0-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1-tech-preview/eventing-kafka-broker-controller-rhel8:1.3.2-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1-tech-preview/eventing-kafka-broker-dispatcher-rhel8:1.3.2-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1-tech-preview/eventing-kafka-broker-receiver-rhel8:1.3.2-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1-tech-preview/eventing-kafka-broker-webhook-rhel8:1.3.2-2 *
Openshift Serverless 1 on RHEL 8 RedHat openshift-serverless-clients-0:1.3.1-4.el8 *
OSE-OSC-1.3-RHEL-8 RedHat openshift-sandboxed-containers/osc-monitor-rhel8:1.3.1-5 *
OSE-OSC-1.3-RHEL-8 RedHat openshift-sandboxed-containers/osc-must-gather-rhel8:1.3.1-6 *
OSE-OSC-1.3-RHEL-8 RedHat openshift-sandboxed-containers/osc-operator-bundle:1.3.1-10 *
OSE-OSC-1.3-RHEL-8 RedHat openshift-sandboxed-containers/osc-rhel8-operator:1.3.1-5 *
OSSO-1.1-RHEL-8 RedHat openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8:v1.1-11 *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat gatekeeper-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat gatekeeper-operator-bundle-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat gatekeeper-operator-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat lighthouse-agent-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat lighthouse-coredns-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat nettest-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat subctl-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat submariner-gateway-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat submariner-globalnet-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat submariner-networkplugin-syncer-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat submariner-operator-bundle-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat submariner-operator-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat submariner-route-agent-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat volsync-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat volsync-mover-rclone-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat volsync-mover-restic-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat volsync-mover-rsync-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat volsync-mover-syncthing-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat volsync-operator-bundle-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat acm-governance-policy-addon-controller-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat acm-grafana-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat acm-must-gather-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat acm-operator-bundle-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat acm-prometheus-config-reloader-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat acm-prometheus-operator-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat acm-volsync-addon-controller-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat cert-policy-controller-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat cluster-backup-operator-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat config-policy-controller-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat console-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat endpoint-monitoring-operator-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat governance-policy-propagator-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat governance-policy-spec-sync-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat governance-policy-status-sync-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat governance-policy-template-sync-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat grafana-dashboard-loader-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat iam-policy-controller-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat insights-client-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat insights-metrics-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat klusterlet-addon-controller-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat kube-rbac-proxy-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat kube-state-metrics-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat management-ingress-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat memcached-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat memcached-exporter-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat metrics-collector-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat multicloud-integrations-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat multiclusterhub-operator-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat multiclusterhub-repo-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat multicluster-observability-operator-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat multicluster-operators-application-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat multicluster-operators-channel-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat multicluster-operators-subscription-operator-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat node-exporter-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat observatorium-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat observatorium-operator-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat prometheus-alertmanager-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat prometheus-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat rbac-query-proxy-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat redisgraph-tls-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat search-aggregator-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat search-api-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat search-collector-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat search-operator-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat submariner-addon-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat thanos-container *
Red Hat Advanced Cluster Management for Kubernetes 2 RedHat thanos-receive-controller-container *
Red Hat Ceph Storage 6.1 RedHat rhceph/rhceph-6-dashboard-rhel9:6-75 *
Red Hat Developer Tools RedHat go-toolset-1.17-golang-0:1.17.12-1.el7_9 *
Red Hat Enterprise Linux 8 RedHat go-toolset:rhel8-8060020220720230014.97d7f71f *
Red Hat Enterprise Linux 8 RedHat git-lfs-0:2.13.3-3.el8_6 *
Red Hat Enterprise Linux 8 RedHat grafana-0:7.5.15-3.el8 *
Red Hat Enterprise Linux 8 RedHat container-tools:3.0-8070020220802115906.39077419 *
Red Hat Enterprise Linux 8 RedHat grafana-pcp-0:3.2.0-2.el8 *
Red Hat Enterprise Linux 8 RedHat container-tools:rhel8-8080020230321153727.0f77c1b7 *
Red Hat Enterprise Linux 8 RedHat container-tools:4.0-8080020230217080101.8108cfbc *
Red Hat Enterprise Linux 9 RedHat golang-0:1.17.12-1.el9_0 *
Red Hat Enterprise Linux 9 RedHat grafana-0:7.5.15-3.el9 *
Red Hat Enterprise Linux 9 RedHat toolbox-0:0.0.99.3-5.el9 *
Red Hat Enterprise Linux 9 RedHat grafana-pcp-0:3.2.0-3.el9 *
Red Hat Enterprise Linux 9 RedHat git-lfs-0:3.2.0-1.el9 *
Red Hat Enterprise Linux 9 RedHat runc-4:1.1.12-2.el9 *
Red Hat Migration Toolkit for Containers 1.7 RedHat rhmtc/openshift-velero-plugin-rhel8:v1.7.6-5 *
Red Hat OpenShift Service Mesh 2.2 for RHEL 8 RedHat openshift-service-mesh/istio-cni-rhel8:2.2.2-7 *
Red Hat OpenShift Service Mesh 2.2 for RHEL 8 RedHat openshift-service-mesh/istio-rhel8-operator:2.2.2-8 *
Red Hat OpenShift Service Mesh 2.2 for RHEL 8 RedHat openshift-service-mesh/pilot-rhel8:2.2.2-7 *
Red Hat OpenShift Service Mesh 2.2 for RHEL 8 RedHat openshift-service-mesh/prometheus-rhel8:2.2.2-4 *
Red Hat OpenShift Service Mesh 2.2 for RHEL 8 RedHat openshift-service-mesh/proxyv2-rhel8:2.2.2-8 *
Red Hat OpenShift Service Mesh 2.2 for RHEL 8 RedHat openshift-service-mesh/ratelimit-rhel8:2.2.2-4 *
Red Hat OpenStack Platform 16.1 RedHat etcd-0:3.3.23-12.el8ost *
Red Hat OpenStack Platform 16.2 RedHat etcd-0:3.3.23-12.el8ost *
RHEL-7-CNV-4.12 RedHat kubevirt-0:4.12.0-1057.el7 *
RHEL-8-CNV-4.12 RedHat kubevirt-0:4.12.0-1057.el8 *
RHEL-8-CNV-4.12 RedHat container-native-virtualization/virt-api:v4.12.0-255 *
STF-1.5-RHEL-8 RedHat stf/sg-core-rhel8:5.1.1-2 *
Golang-1.13 Ubuntu bionic *
Golang-1.13 Ubuntu esm-apps/bionic *
Golang-1.13 Ubuntu esm-apps/xenial *
Golang-1.13 Ubuntu focal *
Golang-1.13 Ubuntu jammy *
Golang-1.13 Ubuntu trusty *
Golang-1.13 Ubuntu xenial *
Golang-1.16 Ubuntu bionic *
Golang-1.16 Ubuntu esm-apps/bionic *
Golang-1.16 Ubuntu focal *
Golang-1.16 Ubuntu trusty *
Golang-1.16 Ubuntu xenial *
Golang-1.18 Ubuntu bionic *
Golang-1.18 Ubuntu focal *
Golang-1.18 Ubuntu jammy *

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use